Security Diaries All About Security
Related Articles
Memory segmentation is a place where all the things happen while any program is running. Memory is divided into several segments and in this article, we are going to discuss them
Usually compiled program memory is divided into 5 segments
- text
- data
- bss
- heap
- stack
Each segment has its own purpose
Text segment:
The text segment is also called a code segment. This is where all the assembled machine language instructions are located. As the program starts executing EIP(Extended Instruction Pointer) is set to the first instruction in the text segment. The processor runs the execution loop which does
- Reads the instruction that EIP is pointing to
- Adds the byte length of the instruction to EIP
- Executes the instruction that was read in step 1
- Goes back to step 1
Sometimes there is a possibility of the instruction in EIP might be a call to another instruction or jump to another instruction which changes the address of EIP. As processor expects a nonlinear behaviour it won’t care about the address change.
If EIP is changed in step 3, the processor will just go back to step 1 and read the instruction found at the address of whatever EIP was changed to.
For example:
The first instruction in the text segment is to declare an integer variable of 2 bytes then the processor adds byte length of 2 bytes and executes the code, but if the instruction is to jump into some other function then that function is stored in another address which will change EIP but processor won’t worry about change in address as it expects non-linear behaviour and executes the function that is there at the jumped location.
Write permission is disabled in text segment which won’t let anyone change program code and if any attempt to change the program will alert the user and sometimes the program will be killed. As it is read_only the text segment can be executed multiple times at the same time by sharing the program. Text memory segment has a fixed memory size as nothing changes.
Data Segment:
Data Segment is where all initialized global variables and static variables. Even though this segment is writeable this segment is fixed length.
BSS:
BSS is the segment where all uninitialized global and static variables are stored. Even though this segment is writeable this segment has fixed length.
Heap segment:
Heap segment is completely flexible. We can say heap segment as a memory segment that is allocated while runtime, so the heap size will be increased decreased on the fly based on what the programmer has decided. Memory allocating and deallocating algorithms(like calloc, malloc) will manage all the memory of heap. There is no fixed size for the heap because everything is allocated in the runtime.
Stack segment:
Stack also has variable memory size. This is used to store temporary variable and parameters. For example, a program called a function which is at a different location. This will change the code in text segment and also changes EIP, now the called function will have the parameters which needs to be passed and a stack is used to store those parameters and also after executing the function EIP needs to return which again needs local variables and all this data is stored in the stack.
Simply stack stores the data of local function and the called functions.
The stack is based on LIFO(Last In First Out)
ESP(Extended Stack Pointer) is a register used to store the address of the end of the stack. As the data gets pushed to and popped out from the stack the address of ESP also changes dynamically.
When a function is called several data is pushed into stack frame. The EBP(Extended Base Pointer) register—sometimes called the frame pointer (FP) or local base (LB) pointer— is used to reference local function variables in the current stack frame.
Each stack frame contains parameters to the function and local variables of the function.
The Saved Frame Pointer(SFP) and return address are two pointers used to set the things in the right way when some function call is done with execution.
When a function is called that will change the data in the stack so it is crucial to return the stack to its original state once the execution of the called function is done. SFP is used to restore EBP value to its original value or previous value whereas return address is used to set EIP to next instruction address. These are the five memory segments, how they work and what they do.
Abbreviations:
ESP: Extended Stack Pointer
EBP: Extended Base Pointer
EIP: Extended Instruction Pointer
These are the pointers that are available in 32-bit but in 64-bit E is replaced with R like RSP, RBP, RIP and similarly in 128-bit R is replaced with T like TSP, TBP, TIP
Read More: Unix File System Architecture
